CVE-2023-0685
The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajax_unassign_folders function. This makes it possible for unauthenticated attackers to invoke this function via...
Authorization
The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_save_folder_order function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke...
Cross-Site Request Forgery (CSRF)
The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajax_add_folder function. This makes it possible for unauthenticated attackers to invoke this function via forge...
Cross-Site Request Forgery (CSRF)
The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajax_clone_folder function. This makes it possible for unauthenticated attackers to invoke this function via...
CVE-2023-0722 Wicked Folders <= 2.18.16 - Cross-Site Request Forgery via ajax_save_state
The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajax_save_state function. This makes it possible for unauthenticated attackers to invoke this function via forge...
Cross-Site Request Forgery (CSRF)
The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajax_delete_folder function. This makes it possible for unauthenticated attackers to invoke this function via...
Authorization
The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_save_sort_order function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke...
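The Wicked Folders entries above fall into two distinct classes of the same root cause, an AJAX handler that skips one of WordPress's two gates: the CSRF entries are handlers without a nonce check (an attacker's page can make a logged-in user's browser fire the request, which is why the advisory says "unauthenticated attackers"), and the authorization entries are handlers without a capability check (any logged-in account, subscriber included, can call admin-ajax.php directly). The example below is added here as an illustration and is not code from Wicked Folders or any other plugin; every name in it (the myplugin_ prefix, the folder_id field, the nonce action string, the taxonomy) is made up.

```php
<?php
/**
 * Illustrative WordPress AJAX handler, vulnerable form beside hardened form.
 * Not plugin code; all myplugin_* names, 'folder_id' and the nonce action are invented.
 */

// --- Vulnerable: reachable by any logged-in user, no nonce, no capability check. ---
function myplugin_delete_folder_vulnerable() {
    $folder_id = (int) $_POST['folder_id'];
    wp_delete_term( $folder_id, 'myplugin_folder' );       // destructive action
    wp_send_json_success( array( 'deleted' => $folder_id ) );
}
add_action( 'wp_ajax_myplugin_delete_folder_vuln', 'myplugin_delete_folder_vulnerable' );

// --- Hardened: both gates, in this order, before any input is used. ---
function myplugin_delete_folder() {
    // Gate 1 (CSRF): the request must carry a nonce minted for this user and
    // this action. check_ajax_referer() terminates the request on failure.
    check_ajax_referer( 'myplugin_delete_folder', 'nonce' );

    // Gate 2 (authorization): a valid nonce only proves the request originated
    // from a page WordPress rendered for this user. Subscribers receive nonces
    // too, so the capability check is separate and still required.
    if ( ! current_user_can( 'manage_categories' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }

    // Input validation comes after the security gates, never instead of them.
    $folder_id = isset( $_POST['folder_id'] ) ? absint( $_POST['folder_id'] ) : 0;
    if ( ! $folder_id || ! term_exists( $folder_id, 'myplugin_folder' ) ) {
        wp_send_json_error( 'bad folder id', 400 );
    }

    wp_delete_term( $folder_id, 'myplugin_folder' );
    wp_send_json_success( array( 'deleted' => $folder_id ) );
}
// Register only the logged-in hook. A wp_ajax_nopriv_ registration for a
// privileged action would expose it to everyone on the internet.
add_action( 'wp_ajax_myplugin_delete_folder', 'myplugin_delete_folder' );

// --- Client side: mint the nonce and hand it to the script that posts it. ---
function myplugin_enqueue_admin_js() {
    wp_enqueue_script( 'myplugin-admin', plugins_url( 'admin.js', __FILE__ ), array( 'jquery' ), '1.0', true );
    wp_localize_script( 'myplugin-admin', 'mypluginAjax', array(
        'url'   => admin_url( 'admin-ajax.php' ),
        'nonce' => wp_create_nonce( 'myplugin_delete_folder' ),
    ) );
}
add_action( 'admin_enqueue_scripts', 'myplugin_enqueue_admin_js' );
```

The corresponding admin.js (not shown) POSTs `action=myplugin_delete_folder`, `nonce=<value>` and `folder_id=<id>` to admin-ajax.php. When auditing a plugin for this class of bug, list every `add_action( 'wp_ajax_...' )` and `add_action( 'wp_ajax_nopriv_...' )` registration and confirm that each callback calls `check_ajax_referer()` or `wp_verify_nonce()` and `current_user_can()` before touching `$_POST`; a handler missing the first is a CSRF finding, one missing the second is a missing-authorization finding, and one registered under `wp_ajax_nopriv_` that performs a privileged action is both.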
PT-2023-15150 · WordPress · Royal Elementor Addons
Name of the vulnerable software and affected versions: the Royal Elementor Addons plugin for WordPress, versions up to, and including, 1.3.59. Description: the issue is due to missing nonce validation in the wpr_create_mega_menu_template AJAX function, allowing unauthenticated attackers to create...
CVE-2022-40282
The web server of Hirschmann BAT-C2 before 09.13.01.00R04 allows authenticated command injection. This allows an authenticated attacker to pass commands to the shell of the system because the dir parameter of the FsCreateDir Ajax function is not sufficiently sanitized. The vendor's ID is...
Easy Registration Forms <= 2.1.1 - CSRF to Stored Cross-Site Scripting
The plugin is vulnerable to Cross-Site Request Forgery due to missing nonce validation in the ajax_add_form function found in the /includes/class-form.php file, which made it possible for attackers to inject arbitrary web scripts in versions up to, and including, 2.1.1...
Newsletter WordPress Plugin Opens Door to Site Takeover
Newsletter, a WordPress plugin with more than 300,000 installations, has a pair of vulnerabilities that could lead to code-execution and even site takeover. The Newsletter plugin offers site admins a visual editor that can be used to create newsletters and email campaigns from within WordPress...
Newsletter < 6.8.2 - Authenticated PHP Object Injection
The `restore_options_from_request` function, called by the AJAX handler `tnpc_render_callback`, runs `unserialize` directly on `$options['inline_edits']`, which is user input taken from the `$_POST['options']` parameter. This creates the potential for an Object Injection vulnerability. For example, a user...
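The Newsletter entry describes the classic PHP object injection pattern: `unserialize()` on attacker-controlled input lets the attacker choose which class is instantiated, and PHP then runs that class's magic methods (`__wakeup`, `__destruct`, `__toString`, ...) on the attacker's chosen property values. Whether that becomes code execution depends on which "gadget" classes core, themes and other plugins have loaded. The following is an added, self-contained illustration, not the Newsletter plugin's code; the Toy_Cache_Writer class and the toy_* function names are invented, and the payload string is constructed here for the demo.

```php
<?php
/**
 * Added illustration of unserialize() on user input, beside two hardened forms.
 * Not Newsletter code; Toy_Cache_Writer and toy_* names are invented.
 */

// Stand-in for a gadget class that happens to be loaded. Its destructor runs
// when the object is garbage-collected, even though application code never
// constructed it: unserialize() did, with attacker-chosen property values.
class Toy_Cache_Writer {
    public $path;
    public $data;
    public function __destruct() {
        file_put_contents( $this->path, $this->data );
    }
}

// --- Vulnerable: the pattern the advisory describes. ---
function toy_restore_options_vulnerable( array $post ) {
    $options = $post['options'];
    return unserialize( $options['inline_edits'] );   // attacker picks the class
}

// --- Hardened, option A: keep the format but refuse all objects. ---
function toy_restore_options_no_objects( array $post ) {
    $options = $post['options'];
    // Serialized objects become __PHP_Incomplete_Class; no magic methods run.
    return unserialize( $options['inline_edits'], array( 'allowed_classes' => false ) );
}

// --- Hardened, option B: do not accept PHP serialization from a browser at all. ---
function toy_restore_options_json( array $post ) {
    $options = $post['options'];
    // In a real plugin call wp_unslash() on the value first, since WordPress
    // adds slashes to $_POST. json_decode() can only produce arrays/scalars.
    $decoded = json_decode( $options['inline_edits'], true );
    return is_array( $decoded ) ? $decoded : array();
}

// Constructed payload, as an attacker would send it in
// $_POST['options']['inline_edits']. Class name "Toy_Cache_Writer" is 16 bytes.
$target  = sys_get_temp_dir() . '/toy_object_injection_demo.txt';
$payload = sprintf(
    'O:16:"Toy_Cache_Writer":2:{s:4:"path";s:%d:"%s";s:4:"data";s:5:"owned";}',
    strlen( $target ), $target
);
$fake_post = array( 'options' => array( 'inline_edits' => $payload ) );

@unlink( $target );
toy_restore_options_vulnerable( $fake_post );          // object built, then destroyed: file written
echo 'vulnerable: file written? ', var_export( file_exists( $target ), true ), PHP_EOL;

@unlink( $target );
$safe = toy_restore_options_no_objects( $fake_post );  // __PHP_Incomplete_Class, destructor never runs
echo 'allowed_classes=false: class is ', get_class( $safe ),
     ', file written? ', var_export( file_exists( $target ), true ), PHP_EOL;

$json = toy_restore_options_json( $fake_post );        // not JSON, so an empty array
echo 'json_decode: ', json_encode( $json ), PHP_EOL;
@unlink( $target );
```

Run it with `php demo.php` on any PHP 7+ interpreter (no WordPress needed). The first call writes the file because the destructor of an object the code never meant to create runs with attacker-chosen fields; with `allowed_classes => false` the same payload yields an inert `__PHP_Incomplete_Class`. When reviewing a plugin, treat every `unserialize()` whose argument can be traced to `$_POST`, `$_GET`, `$_COOKIE`, a request header, or a database value that users can write as a finding, regardless of whether a gadget chain is known today; new gadgets arrive with every installed plugin.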
Import users from CSV with meta <= 1.14.1.3 - CSRF leading to attachment deletion & Path Traversal
CSRF leading to attachment deletion via the acui_delete_attachment AJAX function...
Dropshix <= 4.0.11 - Arbitrary Product Import
Due to lack of authorisation and CSRF checks in the AJAX function xoxImportItem...
CVE-2018-0588
Directory traversal vulnerability in the AJAX function of Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote attackers to read arbitrary files via unspecified vectors...